Security researcher demos new cellphone attack

Kate Taylor, 9th December 2010

A researcher at the University of Luxembourg has demonstrated a new type of attack against mobile phones at the security conference DeepSec in Vienna.

Using a base transceiver station - widely available for around $1,000 - he showed how common programming errors in cellphones' communication stack can be exploited to gain control over the devices.

Ralf-Philipp Weinmann says he found 'devastating' flaws in a large percentage of cellular communication stacks. He says anyone sufficiently motivated would be able to exploit these to mount an attack - which would be almost undetectable.

The exploit would allow hackers to take control of mobile phones anywhere within the range of the rogue transceiver - which Weinmann points out could mean hundreds of phones at a time in crowded urban areas.

They could then start racking up the cash by either dialling premium numbers or sending text messages to premium services.

Hackers could also use the technique to monitor the user's complete communications, and could even eavesdrop on the owner by instructing the cellphone to pick up incoming calls automatically - without the user noticing.

The attacking transceiver needs to be online for just a couple of seconds to perform the attack.

Weinmann says he is working with a number of unnamed vendors of both cellular communication chips and cellphones to fix the security flaws and prevent similar problems in future.